// For flags

CVE-2016-1669

V8: integer overflow leading to buffer overflow in Zone::New

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

La función Zone::New en zone.cc en Google V8 en versiones anteriores a 5.0.71.47, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, no determina correctamente cuándo expandir ciertas asignaciones de memoria, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado.

An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-12 CVE Reserved
  • 2016-05-13 CVE Published
  • 2023-12-31 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (24)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
<= 50.0.2661.87
Search vendor "Google" for product "Chrome" and version " <= 50.0.2661.87"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Google
Search vendor "Google"
V8
Search vendor "Google" for product "V8"
<= 5.0.71
Search vendor "Google" for product "V8" and version " <= 5.0.71"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 0.10.0 < 0.10.46
Search vendor "Nodejs" for product "Node.js" and version " >= 0.10.0 < 0.10.46"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 0.12.0 < 0.12.15
Search vendor "Nodejs" for product "Node.js" and version " >= 0.12.0 < 0.12.15"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 4.0.0 <= 4.1.2
Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 <= 4.1.2"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 4.2.0 < 4.4.6
Search vendor "Nodejs" for product "Node.js" and version " >= 4.2.0 < 4.4.6"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 5.0.0 < 5.12.0
Search vendor "Nodejs" for product "Node.js" and version " >= 5.0.0 < 5.12.0"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 6.0.0 <= 6.2.0
Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.2.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
esm
Affected